Logstash error : Got response code '401' contacting Elasticsearch

Hey,
so here is my issue:
I installed x-pack on elastiic kibana ana logstash
the connection kibana elastic works fine.
unfortunatly logstash-elasticsearch in not flowing smoothly.
here is the error u am getting:

:url=>"http://localhost:9200/", :error_type=>LogStash::Outputs::Elasticsearch::HttpClient::Pool::BadResponseCodeError, :error=>"Got response code '401' contacting Elasticsearch at URL 'http://localhost:9200/'"}

i created a user and a role here are the settings

{
"logstash_writter" : {
"cluster" : [
"manage_index_templates",
"monitor"
],
"indices" : [
{
"names" : [
"winlogbeat-*"
],
"privileges" : [
"write",
"delete",
"create_index"
]
}
],
"run_as" : ,
"metadata" : { },
"transient_metadata" : {
"enabled" : true
}
}
}

and user:

{
"logstash_internal" : {
"username" : "logstash_internal",
"roles" : [
"logstash_writter"
],
"full_name" : "Internal Logstash User",
"email" : null,
"metadata" : { },
"enabled" : true
}
}

for my config file:

input {
beats {
port => 5140
}
}
output{
elasticsearch{
hosts => ["localhost:9200"]
sniffing => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => logstash_internal
password => logstash
}
syslog{
host => "192.168.0.5"
port => 514
}
}

and i added those lines at the end of my logstash.yml:

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logsash_system
xpack.monitoring.elasticsearch.password: logstash

Am i missing something?
i'm running all that on a Centos7 latest version 6.2 of elastic.

i have been stuck on that for 3 days now i even freshly reinstalled ELK.

Thank you

By the way forgot to mention i can log in to elasticsearch on browser unsig the logstash_internal user

In logstash.yml, say
xpack.monitoring.elasticsearch.username: logsash_system, it must be logstash_system
maybe is that

good luck

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.